OpenClaw Secure VPS Deployment (GCP)

Goal

Provision a secure Google Cloud VM to run OpenClaw without buying local hardware.

This skill:

• Authenticates gcloud CLI correctly
• Creates a low-cost VM (about $10/month baseline, region-dependent)
• Secures the server before exposing any app
• Locks down SSH, firewall, and networking
• Ensures OpenClaw binds to localhost only

End state:

• VM is hardened
• No root SSH login
• SSH key only
• No public app exposure
• OpenClaw accessible only via SSH tunnel

Assumptions

• User has a Google Cloud account and billing enabled
• User is on macOS or Linux locally
• User has a static admin IP or can update firewall rules when IP changes
• OpenClaw will be accessed only via SSH local port forwarding

Safety Notes (Read First)

• Do not disable SSH password auth until you verify key-based login works in a second session.
• GCP default VPCs often include a broad default-allow-ssh firewall rule. A narrow allow rule alone is not enough.
• Keep OpenClaw bound to 127.0.0.1 only. Never bind to 0.0.0.0.

Phase 1. gcloud CLI Setup and Auth

1. Install gcloud CLI

macOS:

brew install --cask google-cloud-sdk

Linux:

curl https://sdk.cloud.google.com | bash
exec -l "$SHELL"

Verify:

gcloud version

2. Authenticate

gcloud auth login
gcloud auth application-default login

3. Select Project, Region, Zone

List projects:

gcloud projects list

Set project:

gcloud config set project PROJECT_ID

Set defaults (example: Singapore):

gcloud config set compute/region asia-southeast1
gcloud config set compute/zone asia-southeast1-a

Confirm:

gcloud config list --format='text(core.project,compute.region,compute.zone)'

Phase 2. SSH Key and VM Creation

4. Create SSH Key (Local)

ssh-keygen -t ed25519 -f ~/.ssh/openclaw_gcp

Use a passphrase for better security unless you explicitly need unattended automation.

5. Create VM

Cost-optimized example:

• e2-small
• Debian 12
• 20GB boot disk
• Instance tag openclaw
• Block project-wide SSH keys (instance-specific keys only)

gcloud compute instances create openclaw-vm \
  --machine-type=e2-small \
  --image-family=debian-12 \
  --image-project=debian-cloud \
  --boot-disk-size=20GB \
  --tags=openclaw \
  --metadata=block-project-ssh-keys=true

6. Attach an Instance-Specific SSH Key for clawuser

This uses the guest agent to create/manage the OS account from metadata.

gcloud compute instances add-metadata openclaw-vm \
  --metadata-from-file ssh-keys=<(echo "clawuser:$(cat ~/.ssh/openclaw_gcp.pub)")

If process substitution is unavailable in your shell, create a temporary file:

printf 'clawuser:%s\n' "$(cat ~/.ssh/openclaw_gcp.pub)" > /tmp/openclaw_ssh_keys.txt
gcloud compute instances add-metadata openclaw-vm \
  --metadata-from-file ssh-keys=/tmp/openclaw_ssh_keys.txt
rm -f /tmp/openclaw_ssh_keys.txt

Phase 3. Initial Server Hardening

7. SSH Into the VM as the Non-Root User

gcloud compute ssh clawuser@openclaw-vm \
  --ssh-key-file ~/.ssh/openclaw_gcp

Verify you are not root and that sudo works:

whoami
id
sudo -v

8. Update System

sudo apt update && sudo apt upgrade -y

9. Harden SSH (sshd)

Open config:

sudo nano /etc/ssh/sshd_config

Set or confirm these values:

PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes

Validate config before restart:

sudo sshd -t

Restart SSH:

sudo systemctl restart ssh

Important: open a second terminal and confirm you can reconnect with the SSH key before closing the first session.

Phase 4. Firewall and Network Lockdown (GCP)

10. Restrict SSH to Your IP and Override Broad Default Rules

Set your current public IP (replace if needed):

MY_IP="$(curl -4 ifconfig.me)"
echo "$MY_IP"

Create an allow rule for your IP (higher priority = lower number):

gcloud compute firewall-rules create openclaw-allow-ssh-admin \
  --direction=INGRESS \
  --priority=900 \
  --action=ALLOW \
  --rules=tcp:22 \
  --target-tags=openclaw \
  --source-ranges="${MY_IP}/32"

Create an explicit deny rule for all other SSH traffic to this instance tag. This prevents exposure even if default-allow-ssh exists.

gcloud compute firewall-rules create openclaw-deny-ssh-all \
  --direction=INGRESS \
  --priority=1000 \
  --action=DENY \
  --rules=tcp:22 \
  --target-tags=openclaw \
  --source-ranges=0.0.0.0/0

Optional (recommended if unused by other VMs): remove the broad default SSH rule:

gcloud compute firewall-rules delete default-allow-ssh

11. Verify Listening Ports on the VM

sudo ss -tulpn | grep LISTEN

Before OpenClaw is installed, only SSH (:22) should be listening on a non-loopback interface.

Phase 5. OpenClaw Installation (Secure Binding)

12. Install OpenClaw

Follow normal OpenClaw install instructions for Debian.

Security requirement:

• Bind OpenClaw to localhost only
• Do not expose the app with a public listener

Example:

OPENCLAW_HOST=127.0.0.1 OPENCLAW_PORT=8080 openclaw start

13. Verify OpenClaw Is Not Public

ss -tulpn | grep 8080

Expected pattern:

127.0.0.1:8080

0.0.0.0:8080 is not allowed.

Phase 6. Secure Access via SSH Tunnel

14. Get the VM External IP

gcloud compute instances describe openclaw-vm \
  --format='get(networkInterfaces[0].accessConfigs[0].natIP)'

15. Create a Local SSH Tunnel (From Your Laptop)

ssh -i ~/.ssh/openclaw_gcp \
  -N -L 8080:127.0.0.1:8080 \
  clawuser@VM_EXTERNAL_IP

Then open:

http://localhost:8080

OpenClaw remains private because traffic is tunneled over SSH.

Final Security Checklist

• Root SSH login disabled
• Password SSH login disabled
• SSH key authentication enabled
• GCP firewall restricted to your IP for SSH
• Explicit SSH deny rule for all others on the openclaw tag
• OpenClaw bound to 127.0.0.1
• Access only via SSH tunnel

Result

You now have:

• A low-cost OpenClaw server on GCP
• A hardened SSH entry point
• No public OpenClaw exposure
• A safer setup for solo use and agent workloads

Optional Hardening (Recommended for Live Use)

• Install fail2ban
• Enable unattended security upgrades
• Add audit logging / journald retention
• Use a static IP if your admin IP changes frequently
• Move SSH to IAP-only access later if you want to remove public SSH entirely